CVE-2013-5674
Published: 16 September 2013
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.
Priority
Status
Package | Release | Status |
---|---|---|
moodle | lucid | Ignored (end of life) |
moodle | precise | Ignored (end of life) |
moodle | quantal | Ignored (end of life) |
moodle | raring | Ignored (end of life) |
moodle | saucy | Not vulnerable (2.5.2-1) |
moodle | trusty | Does not exist (trusty was not-affected [2.5.2-1]) |
moodle | upstream | Released (2.5.2-1) |
moodle | utopic | Not vulnerable (2.5.2-1) |
moodle | vivid | Not vulnerable (2.5.2-1) |
moodle | wily | Not vulnerable (2.5.2-1) |
moodle | xenial | Not vulnerable (2.5.2-1) |
moodle | yakkety | Not vulnerable (2.5.2-1) |
moodle | zesty | Not vulnerable (2.5.2-1) |